formbook

General

Target

INVOICEKOMB20220001-03-10-22.pdf.exe
Size

1.2MB
Sample

221004-gqwa1sehcj
MD5

cbe324036a077d5b84d4c22788ff0027
SHA1

5526abc6eb697c083d3071bd5b6cf8fb67f617af
SHA256

67e6fd61e128d5649045a4fc55fc6c287722b5c92e65eef35ce0838d6210d901
SHA512

dd81a4fb9c160d96c9443e0e310c203f79573a71c54d404a0ada191d2d6224f440c899482df8d06a1ea871a98ae3e9c3e40d606b127be33478ed1d8afb955896
SSDEEP

24576:0AOcZ2i7W4sb3Vm6XYbh1GIoQHXehUcztVqEubl83o9Zkbg5:iv5EKhQOKWfqEUU2ZkM

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Targets

- Target
  
  INVOICEKOMB20220001-03-10-22.pdf.exe
- Size
  
  1.2MB
- MD5
  
  cbe324036a077d5b84d4c22788ff0027
- SHA1
  
  5526abc6eb697c083d3071bd5b6cf8fb67f617af
- SHA256
  
  67e6fd61e128d5649045a4fc55fc6c287722b5c92e65eef35ce0838d6210d901
- SHA512
  
  dd81a4fb9c160d96c9443e0e310c203f79573a71c54d404a0ada191d2d6224f440c899482df8d06a1ea871a98ae3e9c3e40d606b127be33478ed1d8afb955896
- SSDEEP
  
  24576:0AOcZ2i7W4sb3Vm6XYbh1GIoQHXehUcztVqEubl83o9Zkbg5:iv5EKhQOKWfqEUU2ZkM
Score

10^/10

formbook mh76 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2